[OSGeoLive] reg GDAL with ASLR build binaries
Brian M Hamlin
maplabs at light42.com
Wed Aug 5 12:56:56 PDT 2020
FYI on OSGeoLive 2020 'Focal' pre-alpha, output shows:
$ readelf -l /usr/bin/gdalinfo
Elf file type is DYN (Shared object file)
Entry point 0x1870
There are 13 program headers, starting at offset 64
Program Headers:
Type Offset VirtAddr PhysAddr
FileSiz MemSiz Flags Align
PHDR 0x0000000000000040 0x0000000000000040 0x0000000000000040
0x00000000000002d8 0x00000000000002d8 R 0x8
INTERP 0x0000000000000318 0x0000000000000318 0x0000000000000318
0x000000000000001c 0x000000000000001c R 0x1
[Requesting program interpreter: /lib64/ld-linux-x86-64.so.2]
LOAD 0x0000000000000000 0x0000000000000000 0x0000000000000000
0x0000000000000eb8 0x0000000000000eb8 R 0x1000
LOAD 0x0000000000001000 0x0000000000001000 0x0000000000001000
0x00000000000009e5 0x00000000000009e5 R E 0x1000
LOAD 0x0000000000002000 0x0000000000002000 0x0000000000002000
0x00000000000004c8 0x00000000000004c8 R 0x1000
LOAD 0x0000000000002ca8 0x0000000000003ca8 0x0000000000003ca8
0x0000000000000368 0x0000000000000370 RW 0x1000
DYNAMIC 0x0000000000002cb8 0x0000000000003cb8 0x0000000000003cb8
0x0000000000000200 0x0000000000000200 RW 0x8
NOTE 0x0000000000000338 0x0000000000000338 0x0000000000000338
0x0000000000000020 0x0000000000000020 R 0x8
NOTE 0x0000000000000358 0x0000000000000358 0x0000000000000358
0x0000000000000044 0x0000000000000044 R 0x4
GNU_PROPERTY 0x0000000000000338 0x0000000000000338 0x0000000000000338
0x0000000000000020 0x0000000000000020 R 0x8
GNU_EH_FRAME 0x0000000000002348 0x0000000000002348 0x0000000000002348
0x0000000000000044 0x0000000000000044 R 0x4
GNU_STACK 0x0000000000000000 0x0000000000000000 0x0000000000000000
0x0000000000000000 0x0000000000000000 RW 0x10
GNU_RELRO 0x0000000000002ca8 0x0000000000003ca8 0x0000000000003ca8
0x0000000000000358 0x0000000000000358 R 0x1
Section to Segment mapping:
Segment Sections...
00
01 .interp
02 .interp .note.gnu.property .note.gnu.build-id .note.ABI-tag
.gnu.hash .dynsym .dynstr .gnu.version .gnu.version_r .rela.dyn .rela.plt
03 .init .plt .plt.got .plt.sec .text .fini
04 .rodata .eh_frame_hdr .eh_frame
05 .init_array .fini_array .dynamic .got .data .bss
06 .dynamic
07 .note.gnu.property
08 .note.gnu.build-id .note.ABI-tag
09 .note.gnu.property
10 .eh_frame_hdr
11
12 .init_array .fini_array .dynamic .got
On 8/5/20 12:51 PM, Jim Klassen wrote:
> Are you sure you need to supply those flags at all? Are you using a
> recent enough Linux Distribution? I haven't build GDAL 2.3 in a long
> time (it is very old), I suppose it is possible it is doing something
> strange disabling PIE in the build system.
>
> My build of GDAL 3.1 on Debian 10 built PIE executable by default
> (without me specifying any special compiler options).
>
> For my GDAL 3.1 build:
> $ readelf -l gdalinfo
>
> Elf file type is DYN (Shared object file)
> ...
>
>
>
> It looks like gcc/g++ in Debian 10 default to building PIE. I'd
> expect similar vintage Ubuntu derivatives would do the same:
>
> $ cat a.c
> int main() { return 0; }
> $ gcc a.c
> $ file a.out
> a.out: ELF 64-bit LSB *pie executable*, x86-64, version 1 (SYSV),
> dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for
> GNU/Linux 3.2.0,
> BuildID[sha1]=fde557ade69c32cd2554ee888bc892175ae86867, not stripped
> $ readelf -l a.out
>
> Elf file type is DYN (Shared object file)
> ...
>
>
>
> On 8/5/20 9:55 AM, Brian M Hamlin wrote:
>>
>> Hi Kavitha -
>>
>> In general, specialized security work is outside of the scope of
>> the /educational mission/ at OSGeoLive project.
>>
>> ASLR is a security layer ? from Google search..
>>
>> "Address Space Layout Randomization (*ASLR*) is a computer security
>> technique which involves randomly positioning the base address of an
>> executable and the position of libraries, heap, and stack, in a
>> process's address space"
>>
>> Security is a concern at OSGeoLive, but not the primary concern. If
>> you seek direct consulting hours, please consider a time+money budget
>> to bring in additional skillsets.
>>
>> If you find a solution, please do not hesitate to share the results
>> with the GDAL project and Ubuntu upstream, for better specialized
>> security in the future.
>>
>> others may have different resources for you on this topic
>> best regards --Brian
>>
>>
>> On 8/5/20 7:32 AM, Kavitha K wrote:
>>> Hi All,
>>> We are trying to compile the gdal 2.3.2 source with ASLR . But we
>>> are seeing the
>>> Elf file type as EXEC (Executable file) instead DYN.
>>>
>>> Please help us whether gdal build is supported the compilation with
>>> "-Fpie -pie -fPIC".
>>>
>>> Steps which we followed:
>>>
>>> cp gdalDevKits/gdal-2.3.2.tar.gz .
>>>
>>> tar -xvf gdal-2.3.2.tar.gz
>>>
>>> cd gdal-2.3.2
>>>
>>> env CFLAGS="-Fpie -pie -fPIC" ./configure
>>>
>>> make install
>>>
>>> cd /usr/local/bin
>>>
>>> readelf -l gdaltransform
>>>
>>> Elf file type is EXEC (Executable file)
>>>
>>> Entry point 0x40
>>> Thanks,
>>> Kavitha
>>>
>>> _______________________________________________
>>> osgeolive mailing list
>>> osgeolive at lists.osgeo.org
>>> https://lists.osgeo.org/mailman/listinfo/osgeolive
>>
>> _______________________________________________
>> osgeolive mailing list
>> osgeolive at lists.osgeo.org
>> https://lists.osgeo.org/mailman/listinfo/osgeolive
>
>
> _______________________________________________
> osgeolive mailing list
> osgeolive at lists.osgeo.org
> https://lists.osgeo.org/mailman/listinfo/osgeolive
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.osgeo.org/pipermail/osgeolive/attachments/20200805/11664e7b/attachment-0001.html>
More information about the osgeolive
mailing list